开启集群步骤如下:
1)生成 ssl 文件(直接在 linux 下执行即可)
openssl genrsa 2048 > ca-key.pem
openssl req -sha1 -new -x509 -nodes -days 3650 -key ca-key.pem > ca-cert.pem
openssl req -sha1 -newkey rsa:2048 -days 730 -nodes -keyout server-key.pem > server-req.pem
openssl rsa -in server-key.pem -out server-key.pem
openssl x509 -sha1 -req -in server-req.pem -days 730 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.
pem openssl req -sha1 -newkey rsa:2048 -days 730 -nodes -keyout client-key.pem > client-req.pem
openssl rsa -in client-key.pem -out client-key.pem
openssl x509 -sha1 -req -in client-req.pem -days 730 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
此步骤可能出现提示,直接忽略即可
2) 拷贝三个文件到某个目录下,在gcluster*.cnf下设置如下内容
ssl-ca=/usr/local/myssl/ca-cert.pem
ssl-cert=/usr/local/myssl/server-cert.pem
ssl-key=/usr/local/myssl/server-key.pem
3) 重启集群然后通过show variables like ‘%SSL%’查看是否开启ssl功能。
如下为开启:
经过前面三步集群已经开启ssl功能,针对jdbc按照如下使用步骤
1)生成jdbc连接用密钥
keytool -import -alias GBaseCACert -file ca-cert.pem -keystore truststore
说明:ca-cert.pem为生成ssl文件时生成的文件,执行该步骤后会提示输入认 证,即密码,比如输入password1(jdbc会用到)
openssl x509 -outform DER -in client-cert.pem -out client.cert
keytool -import -file client.cert -keystore keystore -alias GBaseClientCertificate
说明:client.cert为生成ssl文件时生成的文件,执行该步骤后会提示输入认 证,即密码,比如输入password1,(jdbc会用到)
2)上述步骤会生成两个文件truststore,keystore,将这两个文件拷贝到jdbc 可以访问的路径下
3) 按照如下样例编写代码
String url = “jdbc:gbase://192.168.8.27:5258/gbase” />
String trustStorePath = “D:\\JDBCTest\\src\\test-certs\\truststore”;
String keyStorePath = “D:\\JDBCTest\\src\\test-certs\\keystore”;
System.setProperty(“javax.net.ssl.keyStore”, keyStorePath);
System.setProperty(“javax.net.ssl.keyStorePassword”, “password1”);
System.setProperty(“javax.net.ssl.trustStore”, trustStorePath);
System.setProperty(“javax.net.ssl.trustStorePassword”, “password1”);
Connection conn = DriverManager.getConnection(url);
Statement st = conn.createStatement();
ResultSet rs = st.executeQuery(“show status like ‘%SSL%'”);
while(rs.next()){
System.out.println(rs.getString(1)+”—–“+rs.getString(2));
}
以上就是使用jdbc ssl功能步骤,注意黄色背景设置